local cjson = require "cjson"

local function add_domain(cookies, key, domain)
    if type(cookies) == "string" then -- 确保 set_cookies 是一个表
        cookies = { cookies }
    end

    local new_cookies = {} -- 查找并修改名为 'remember' 的 Cookie
    for _, cookie in ipairs(cookies) do
        local cookie_key, value = string.match(cookie, "^%s*(.-)%s*=%s*(.-)%s*;")
        if cookie_key == key then
            local new_cookie = value .. "; Domain=" .. domain .. "; Path=/; HttpOnly; SameSite=Lax"
            table.insert(new_cookies, key.."=" .. new_cookie)
        else
            table.insert(new_cookies, cookie)
        end
    end

    return new_cookies;
end

ngx.req.read_body()
local body = ngx.req.get_body_data()

if not body then
    ngx.status = ngx.HTTP_BAD_REQUEST
    ngx.say("No body found")
    return
end

local ok, json_data = pcall(cjson.decode, body)
if not ok then
    ngx.status = ngx.HTTP_BAD_REQUEST
    ngx.say("Invalid JSON")
    return
end

local user_account = json_data.account
local user_password = json_data.password

local reply = {}

local session = require "resty.session".start()

local accounts = require("lua/accounts")
local credentials = accounts.credentials()
if credentials and credentials[user_account] == user_password then
    reply.status = 0
    reply.message = "登录成功"
    session:set("account", user_account)
    session:set("authenticated", true)
    session:save()

    ngx.header["Set-Cookie"] = add_domain(ngx.header["Set-Cookie"], "remember", ".amass.fun");
else
    reply.status = -100
    reply.message = "登录失败"
end

ngx.say(cjson.encode(reply))